2019-11-27 - EMOTET EPOCH 3 INFECTED WINDOWS CLIENT AS SPAMBOT
ASSOCIATED FILES:
- 2019-11-27-Emotet-epoch-3-infected-Windows-client-as-spambot.pcap.zip 20 MB (19,994,798 bytes)
NOTES:
- This is traffic from the middle of an Emotet infection, where the infected Windows host was acting as a spambot.
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.
IMAGES:
Shown above: Infection traffic filtered in Wireshark.
Shown above: Filtering to see if any of the malspam was sent using unencrypted SMTP.
Shown above: Exporting IMF (Internet Mail Format) items from the pcap.
Shown above: Filtering on HTTP post-infection traffic for Emotet in this pcap.